Appln. No. 09/936,286

Attorney Docket No. T2147-907461

Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in
the application:

Listing of Claims:

Claims 1-6. (cancelled) 



7. (currently amended) A method for allowing a client application to
establish, in a client network, a connection between said client network and a server
machine linked to a server network [struck through: first connection at a first security level with a first]

[struck through: hosted in a server machine linked to a server network], in
order to send messages addressed to the server machine, said messages passing from
the client network to the server network through a network layer (CR) of a gateway
machine, the method comprising:

receiving a request from the client network at a first port of a server
application hosted in the server machine to establish a first connection at a first
security level with the first port of the server application;

creating a second port in the gateway machine;

rerouting to the second port of the gateway machine, by ordering the network
layer (CR) of the gateway machine, any message sent from the client network and
addressed to the first port of the server machine, [struck through: followed by deleting, by ordering the]

[struck through: said message sent to]

receiving at the second port of the gateway machine the [struck through: a] request addressed to
the first port of the server application to establish said first connection with the first
port of the server application;

listening to the second port of the gateway machine to detect the request
addressed to the first port of the server application to establish said first connection
with the first port of the server application; [struck through: and]

generating, in the gateway machine, a thread which establishes said first
connection; and

generating a second connection at a second security level between the gateway
machine and a [struck through: the] third port of the server application, the third port being configured
to receive at least one message at the second security level from the gateway machine
via said second connection;

wherein [struck through: said] the generating of said thread and said second connection is
performed in response to the detection of the request addressed to the first port of the
server application to establish said first connection[struck through: , and said third port is configured to
receive at least one message at the second security level from the gateway machine
via said second connection].

8. (previously presented) A method according to claim 7, wherein said
thread:

establishes, in a first phase, said first connection at the first security level in a
first interface associated with the second port and with said request;

establishes, in a second phase, said second connection at the second security
level in a second interface to the third port in the server machine;

writes, in a third phase, at the second security level in the second interface,
any message read in the first interface at the first security level, and

writes, in a fourth phase, at the first security level in the first interface, any
message read in the second interface at the second security level.

Claim 9. (cancelled) 

10. (previously presented) A method according to claim 7, wherein said
creating and rerouting are executed automatically by a first process of the gateway 
machine, and said first process generates a second process that executes said listening 
and generating. 

11. (previously presented) A method according to claim 8, wherein said
creating and rerouting are executed automatically by a first process of the gateway 
machine, and said first process generates a second process that executes said listening 
and generating. 

12. (previously presented) A method according to claim 7, further 
comprising: 

automatically executing said creating, rerouting, and deleting, by a first 
process of the gateway machine; and 

generating, by said first process, a second process that executes said listening 
and said generating. 

Claim 13. (cancelled)

14. (currently amended) A method for allowing a client application to
establish, in a client network, a connection between said client network and a server
machine linked to a server network [struck through: first connection at a first security level with a first
port of a server application hosted in a server machine linked to a server network], in
order to send messages addressed to the server machine, said messages passing from
the client network to the server network through a network layer (CR) of a gateway
machine, the method comprising:

receiving a request from the client network at a first port of a server
application hosted in the server machine to establish a first connection at a first
security level with the first port of the server application;

generating, in the gateway machine, a thread which establishes said first
connection; and

activating, in the gateway machine, a secure application proxy that reroutes
the messages addressed to the first port of the server application away from the first

establishing a second connection at a second security level between a second
port of the server application and the gateway machine, said second port being
configured to receive at least one message at a second security level from the gateway
machine via said second connection, [struck through: and that deletes, by ordering the network layer]

[struck through: port of the server application regardless of a security level of said message sent to the
second port];

wherein said generating is performed in response to the-detection of the 
request addressed to the first port of the server application to establish said first
connection, [struck through: said second port is configured to receive at least one message at a second
security level from the gateway machine via said second connection,] and

wherein said second connection is unknown to said client application. 

Claims 15-17. (cancelled) 

18. (previously presented) A method according to claim 7, wherein said first 
security level is different than said second security level. 

19. (previously presented) A method according to claim 14, wherein said first 
security level is different than said second security level. 

20. (new) A method according to claim 7, further comprising deleting, by
ordering the network layer (CR) of the gateway machine, any message sent from the 
client network to the third port located in the server machine regardless of a security 
level of said message sent to the third port. 

21. (new) A method as claimed in claim 14, further comprising deleting,
by ordering the network layer (CR) of the gateway machine, any message sent from 
the client network to the second port located in the server machine regardless of a 
security level of said message sent to the second port.

22. (new) A method as claimed in claim 14, wherein the rerouting of the
messages addressed to the first port of the server application is done in a way that is 
transparent to the client application. 






